Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11277 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Risks & opportunities and ISO 14001
Thank you Carlos. Your answer is very helpful. -
Vendor qualification - who is responsible?
Answer:
There is no technical universal answer. That depends on what each organization decides. In my experience I see organizations opting either for one or the other.
The following material will provide you information about the Vendor qualification:
- ISO 9001 – How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Changes and environmental aspects
Answer:
In my early days of work in the chemical industry my company changed a procedure for terminating the chemical reaction in order to increase productivity. Sometime after that change we realized that the amount of dangerous chemical compounds in the wastewater increased a lot. We had a normal operation working with several environmental aspects identified, then we decided to make a change and that change in the way of work changed the environmental aspects. Another change could be a change in a recipe, or a change in raw materials or a change of suppliers. Your organization can be an importer of goods made in another continent, with some environmental aspects due to distance of a long supply chain. If your organization decides to start to buy the goods locally those environmental aspects will change.
The following material will provide you information about assessment of environmental as pects:
- ISO 14001 – 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/ -
DPIA Register template
Answer:
The document does not include a list of risks nor it should since the risks vary from business to business from processing activity to processing activity and will most likely be different for each organization. So, you need to identify them by yourself and the questionnaire will help you with that.
To learn more about DPIAs check out our webinar “Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR” https://advisera.com/eug dpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/ -
Policies and procedures
Answer:
You can amend the documents to your liking except for the “Standard Contractual Clauses for the Transfer of Personal Data to Controllers” and “Standard Contractual Clauses for the Transfer of Personal Data to Processors” which must be filled in only where there are blanks.
To find more about how to use the EU GDPR Documentation Toolkit https://community.advisera.com/topic/consent-form/ don’t miss our upcoming webinar “How to use a Documentation Toolkit for the implementation of EU GDPR” https://advisera.com/eugdpracademy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-eu-gdpr-free-webinar-on-demand/ -
Consent form
Answer:
Our EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ contains a draft consent form that you can use, as well as all the other documents you need to consider for EU GDPR compliance.
I also suggest you to check out our webinar “How to handle consents under GDPR” https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/ -
Application of control A.18.1.1
The application of control A.18.1.1 (Identification of applicable legislation and contractual requirements) refers only to the identification of the legal requirements that can affect your information security - for example, requirements related to privacy regulation, regulation on e-commerce, etc.
If a law or contract applicable to your organization has no impact on the information protected by your ISMS scope, you do not need to document it for the purposes of the information security management.
Regarding the services you provide, if they are not included in your ISMS scope, there is also no need to document it. -
Cláusulas 5.1 y 5.3: ¿es necesario documentarlas?
En cuanto a la cláusula 5.1 de la ISO 14001:2015 no existe documentación obligatoria con la que cumplir. Sin embargo, la alta dirección debe demostrar su liderazgo garantizando los recursos adecuados el SGA, asegurando que el plan estratégico sea compatible y esté integrado con el SGA y cumpliendo con la mejora continua, entre otros.
Para más información vea "Cómo demostrar el liderazgo según la ISO 14001:2015" (en inglés): https://advisera.com/14001academy/blog/2015/10/05/how-to-demonstrate-leadership-according-to-iso-140012015/#
En el caso de la cláusula 5.3, tampoco existe documentación obligatoria que exija la norma ISO 14001:2015. Para poder cumplir con los requisitos de este numeral es muy recomendable que la alta dirección asigne a los diferentes roles la responsabilidad y autoridad necesarias para que se puedan cumplir sin dificultades todos los requisitos del SGA y para que la alta dirección se mantenga informada sobre el desempeño del sistema.La asignación se puede realizar mediante la elaboración y la comunicación interna de perfiles completos de los puestos de trabajo. Además de todas las actas de reunión en la que se realice la revisión por la dirección y los comités.
Para más información, vea "Cuáles son los roles y responsabilidades clave en el SGA": https://advisera.com/14001academy/blog/2016/11/21/what-are-the-key-roles-and-responsibilities-in-the-ems/
Además estos materiales pueden ser de utilidad:
- Curso Fundamento de ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Libro sobre ISO 14001:2015 (sólo disponible en inglés): https://advisera.com/books/the-iso-14001-2015-companion/
- Herramienta en línea para ISO: https://advisera.com/conformio/ -
Customer requirements
Answer:
I worked for several years in a PVC producing company, so I am quite aware that there are PVC grades that are fully interchangeable. My answer is: go and check if your contracts or agreements with customers say anything about the need to inform the customer whenever you change a raw material even if there is no performance change. As a consultant I work with injection molding companies – some have contracts that detail the raw materials to use and any change is a breach of contract; and some have nothing in the contract and can change without communicating to customers.
The following material will provide you information about ISO 9001:
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
How to start ISO 13485 implementation project
Answer:
Once you have the top management support for the project, sou should conduct a gap analysis to determine to what extent your organization is already compliant with ISO 13485 and what needs to be done to achieve full compliance. After determining the gaps, you can define the project plan for the implementation where you will define the activities, documents to be developed, responsibilities and deadlines.
Usually, the first step in the project is defining the procedure for document and record control, and then the quality policy. The next step is to identify the processes and resource management. Then you can conduct risk assessment and define controls for the processes.
Once your processes are set up, you can perform internal audit and management review and you will be ready for the certification audit.